moving javaserver faces forward jsf 2.2 update -...

1

Copyright © 2012, Oracle and/or its affiliates. All rights reserved.

Moving JavaServer Faces Forward JSF 2.2 Update Ed Burns @edburns www.java.net/blogs/edburns

2


Safe Harbor Statement

The following is intended to outline our general product direc4on. It is intended for informa4on purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or func4onality, and should not be relied upon in making purchasing decisions. The development, release, and 4ming of any features or func4onality described for Oracle’s products remains at the sole discre4on of Oracle.

3


Plug: See Oracle’s JavaEE Cloud Story

•  Jürgen Höller is giving Spring’s cloud story right now in the Birnhorn room •  I will be giving Oracle’s JavaEE cloud story at 14:00 today in this room.

4


Program Agenda

• Where is JSF in its lifecycle? • Summarize the value proposition JSF has been trying to establish • Evaluate to what extent JSF has delivered on that value proposition

• What’s in JSF 2.2? • Big ticket features • Smaller features • Current status

• Questions and Answers

5


Program Agenda




6


Where is JSF in its lifecycle?

•  JavaOne 2001 Technical Keynote

7




8




9



• Original JSF Value Proposition • Solid web framework foundation • Vibrant 3rd party component market • Widely available in JavaEE containers • Open development process

10




11




12




13




14




• Future Prognosis • Continued support and investment from Oracle via JCP and JavaEE container

team • Staying true to its original mission

•  I think it would be a mistake to push JSF straight into the thin server model • There still is a place for UI state mostly on the server, perhaps with a mini-

lifecycle in the client

15


Where is JSF in its lifecycle? •  JSR 127

•  JSF 1.0 11 March 2004 •  JSF 1.1 27 May 2004

•  JSR 252 •  JSF 1.2 11 May 2006 •  JSF 1.2 Maintenance Release 1 19 December 2006 •  JSF 1.2 Maintenance Release 2 13 June 2008 •  JSF 1.2 Maintenance Release 3 25 August 2008

•  JSR 314 •  JSF 2.0 1 July 2009 •  JSF 2.1 16 July 2010 •  JSF 2.1 Maintenance Release 2 22 November 2010

•  JSR 344 • Started 14 April 2011 • Early Draft Review released 8 December 2011 • Working toward Public Review Draft

JSF Timeline

16


Program Agenda




17


Program Agenda




18


What’s new in JSF 2.2?

• Faces Flows • Multi Templating • HTML 5

Big Ticket Features

19



•  Lack of formal way to group pages leads to maintenance problems • Hard to understand navigation •  Like a large program that is a single function with lots of goto statements

• Faces Flows goals • Allow grouping related views together • Allow building applications as composites of modules of functionality

Big Ticket Features: Faces Flows

20



•  JSF Navigation Story Recap • Defines a graph of VDL views • XML rule base defines relationship

between views •  Implicit rules added in JSF 2.0


<navigation-rule> <description> global navigation rules </description> <from-view-id>*</from-view-id> <navigation-case> <description>Go to Edit Project Page</description> <from-outcome>editProject</from-outcome> <to-view-id>/project/edit.jsf</to-view-id> </navigation-case> <navigation-case> <description>Go to Select Projects Page</description> <from-outcome>showProjects</from-outcome> <to-view-id>/project/show.jsf</to-view-id> </navigation-case> <navigation-case> <description>Go to Edit Sprint Page</description> <from-outcome>editSprint</from-outcome> <to-view-id>/sprint/edit.jsf</to-view-id> </navigation-case> <navigation-case> <description>Go to Dashboard</description> <from-outcome>showDashboard</from-outcome> <to-view-id>/dashboard/show.jsf</to-view-id> </navigation-case> </navigation-rule>

<navigation-rule> <description> dashboard navigation rules </description> <from-view-id>/dashboard/show.xhtml</from-view-id> <navigation-case> <from-outcome>showSprints</from-outcome> <to-view-id>/sprint/show.xhtml</to-view-id> </navigation-case> <navigation-case> <description> see burndown </description> <from-outcome>burndown</from-outcome> <to-view-id>/burndown.xhtml</to-view-id> </navigation-case> </navigation-rule> <navigation-rule> <description> project navigation rules </description> <from-view-id>/project/show.xhtml</from-view-id> <navigation-case> <from-outcome>showSprints</from-outcome> <to-view-id>/sprint/show.xhtml</to-view-id> </navigation-case> </navigation-rule> <navigation-rule> <description> sprint navigation rules </description> <from-view-id>/sprint/show.xhtml</from-view-id> <navigation-case> <from-outcome>showStories</from-outcome> <to-view-id>/story/show.xhtml</to-view-id> </navigation-case> <navigation-case> <from-outcome>showDashboard</from-outcome> <to-view-id>/dashboard/show.xhtml</to-view-id> </navigation-case> </navigation-rule>

21



• Faces Flows builds on the existing JSF navigation story and adds • Several node types in addition to VDL views • Well defined start and end-node concept • Scope concept • Ability to package a flow as a module and enclose it in a self-configuring jar

• Still described in XML •  In faces-config.xml file(s) •  In VDL views, within <f:metadata>

• Two main varieties of flows • Unbounded (No specific start or end,

not within a specific flow) • Bounded (with explicit start node and end

node(s))


<f:metadata> <j:faces-flow-definition> <j:start-node>router1</j:start-node> <j:faces-flow-return id="success"> <j:navigation-case> <j:from-outcome>/complete</j:from-outcome> </j:navigation-case> </j:faces-flow-return> <j:faces-flow-return id="errorOccurred"> <j:navigation-case> <j:from-outcome>error</j:from-outcome> </j:navigation-case> </j:faces-flow-return> <j:switch id="router1"> <j:navigation-case> <j:if>#{facesFlowScope.customerId == null}</j:if> <j:from-outcome>create-customer</j:from-outcome> </j:navigation-case> </j:switch> <j:view id="create-customer"> <j:vdl-document>create-customer.xhtml</j:vdl-document> </j:view> <j:view id="maintain-customer-record"> <j:vdl-document>maintain-customer-record.xhtml</j:vdl-document> </j:view> <j:initializer>#{maintainCustomerBean.initializeFlow}</j:initializer> <j:finalizer>#{maintainCustomerBean.cleanUpFlow}</j:finalizer> </j:faces-flow-definition> </f:metadata>

22



• Bounded and Unbounded Faces Flows


Unbounded

Bounded

23



• Runtime API: javax.faces.flow package


24



• Runtime API • @FlowScoped CDI annotation •  #{facesFlowScope} EL implicit Object


25



• Demo


26




Big Ticket Features

27



• Build on existing concepts in Facelets • Enables defining a contract for a “site template”, similar to Joomla! • Contract specifies

• Template metadata: name, version, author, etc. • Facelet insertion points: header, menu, content, etc. • CSS classes

• Templates can be bundled in self configuring jar and dropped into WEB-INF/lib to activate.

Big Ticket Features: Multi-templating

28



• Demo

Big Ticket Features: Multi-templating

29




Big Ticket Features

30



• What’s the big deal with HTML5? •  It lets the UI authoring experience focus on the browser, instead of server-side

processing that delivers content to the browser. • Recall my JSF Days 2008 keynote

Big Ticket Features: HTML5

31



•  JSF component libraries already can support HTML5 • For JSF 2.2, the goal is to exploit new concepts in HTML5 where sensible • HTML5 Content Categories

• Metadata • New features in base, command, link, meta, noscript, style, title

• Sectioning and Heading • New elements nav, aside, article, section, h1-h6, hgroup

• Form associated elements • New features in button, input, object, textarea, label • New elements fieldset, keygen, meter, output, progress, select

•  Input related elements • New elements autocomplete, autofocus, pattern, placeholder, type

•  data-xxx attributes

Big Ticket Features: HTML5

32


Program Agenda




33



• Directly taken from Seam’s Faces Module <s:viewAction> • Think of it like a button that automatically clicks itself when the page loads

Smaller Features: <f:viewAction>

<f:metadata> <f:viewParam id="id" name="id" value="#{newsReader.selectedStoryId}" required="true" requiredMessage="You did not specify a headline. (The id parameter is missing)" converterMessage="Invalid headline. (The id parameter is not a number)" validatorMessage="Invalid headline. (The id parameter is not a positive number)"> <f:validateLongRange minimum="1"/> </f:viewParam> <f:viewAction action="#{newsReader.goToPage01IfValidationFailed}" phase="PROCESS_VALIDATIONS" onPostback="true" /> <f:viewAction action="#{newsReader.loadStory}" onPostback="true" /> </f:metadata>

34



• What is Cross Site Request Forgery (CSRF, pronounced SEE-surf)? • http://en.wikipedia.org/wiki/Cross-site_request_forgery • Trick the browser into sending requests that the user did not actually intend to initiate

Smaller Features: CSRF Protection

35



• How does JSF protect your app against this attack? 1.  It already does and always has!

POSTback is a virture. JSF 2.2 just makes encryption of the view state on by default


36



• How does JSF protect your app against this attack? 2.  For non-POSTback requests, the <protected-views> element comes to the

rescue. •  ViewHandler asks “Is this view protected?” if so, proceed. •  If not, inspect the Referer[sic] header. If coming from a protected view,

proceed. •  If not, does the referrer at least originate in this web app? If so, proceed. •  If no Referer header, look for

ResponseStateManager.NON_POSTBACK_VIEW_TOKEN_PARAM This query parameter will be present because of these changes to ResponseStateManager.getState()


37



Smaller Features: More CDI injectable artifacts

38


• Yes, it is now programmatically possible to instantiate a Facelet and call apply() on it.

• Why would you need to do this? • Because the result of Application.createComponent() is not always enough

• No automatic ajaxification • No child handlers • Other cases

What’s new in JSF 2.2? Smaller Features: FaceletFactory now in the API

39


• No need for commons fileupload • Ajax and non-Ajax based • Portlet safe

What’s new in JSF 2.2? Smaller Features: <h:inputFile>

40


• New class javax.faces.lifecycle.ClientWindow • Represents a browser tab, browser window, pop-up, portlet, or anything else that

can display a UIComponent hierarchy rooted at a UIViewRoot • Not-enabled by default because it can be invasive in the URL space

•  “none” mode: the feature is disabled •  “url” mode: the ClientWindow is encoded in the URL

• Faces Flows is entirely dependent on this feature

What’s new in JSF 2.2? Smaller Features: ClientWindow

41


Program Agenda




42


• Big Ticket Features still in progress • Good progress on Faces Flows just this week! • Multi-templating has an existing prototype • HTML5 work is straightforward

• Smaller items all implemented with a few exceptions • File upload needs Ajax support • ClientWindow needs some additional polish • Relative ResourceHandler not implemented • Better integration with j_security_check and JSF • Runtime inspection and modification of config process

Current Status

43


Program Agenda




44


Questions and Answers

45


Safe Harbor Statement

The preceding was intended to outline our general product direc4on. It is intended for informa4on purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or func4onality, and should not be relied upon in making purchasing decisions. The development, release, and 4ming of any features or func4onality described for Oracle’s products remains at the sole discre4on of Oracle.

moving javaserver faces forward jsf 2.2 update -...

Documents